d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bhyve: avoid theoretical stack buffer overflow from integer overflow

Browse Source 
Use the proper size_t type to match strlen's return type.  This is not
exploitable in practice as this parses command line arguments, which
are limited to well below 2^31 bytes.

This is a minimal change to address the reported issue; hda_parse_config
and the rest of this file will benefit from further review.

Reported by:	Fakhri Zulkifli
Reviewed by:	jhb, markj
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
emaste 2019-06-25 19:06:43 +00:00
parent 5e80329f9c
commit aa773f3e23
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
usr.sbin/bhyve/pci_hda.c
View File

@ -324,15 +324,14 @@ hda_parse_config(const char *opts, const char *key, char *val)
char buf[64];
char *s = buf;
char *tmp = NULL;
int len;
size_t len;
int i;
if (!opts)
return (0);
len = strlen(opts);
if (len >= 64) {
if (len >= sizeof(buf)) {
DPRINTF("Opts too big\n");
return (0);
}